package org.spongycastle.tls.crypto.impl.jcajce;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.interfaces.DHPublicKey;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.x509.Certificate;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.asn1.x509.TBSCertificate;
import org.spongycastle.jcajce.util.JcaJceHelper;
import org.spongycastle.tls.TlsFatalAlert;
import org.spongycastle.tls.crypto.TlsCertificate;
import org.spongycastle.tls.crypto.TlsCryptoException;
import org.spongycastle.tls.crypto.TlsVerifier;

/* loaded from: classes2.dex */
public class JcaTlsCertificate implements TlsCertificate {
    public final JcaTlsCrypto a;
    public final X509Certificate b;
    public DHPublicKey c;
    public ECPublicKey d;
    public RSAPublicKey e;

    public JcaTlsCertificate(JcaTlsCrypto jcaTlsCrypto, X509Certificate x509Certificate) {
        this.c = null;
        this.d = null;
        this.e = null;
        this.a = jcaTlsCrypto;
        this.b = x509Certificate;
    }

    public JcaTlsCertificate(JcaTlsCrypto jcaTlsCrypto, byte[] bArr) {
        this(jcaTlsCrypto, l(jcaTlsCrypto.U(), bArr));
    }

    public static JcaTlsCertificate e(JcaTlsCrypto jcaTlsCrypto, TlsCertificate tlsCertificate) {
        return tlsCertificate instanceof JcaTlsCertificate ? (JcaTlsCertificate) tlsCertificate : new JcaTlsCertificate(jcaTlsCrypto, tlsCertificate.getEncoded());
    }

    public static X509Certificate l(JcaJceHelper jcaJceHelper, byte[] bArr) {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Certificate.t(bArr).q("DER"));
            X509Certificate x509Certificate = (X509Certificate) jcaJceHelper.f("X.509").generateCertificate(byteArrayInputStream);
            if (byteArrayInputStream.available() == 0) {
                return x509Certificate;
            }
            throw new IOException("Extra data detected in stream");
        } catch (GeneralSecurityException e) {
            throw new TlsCryptoException("unable to decode certificate", e);
        }
    }

    @Override // org.spongycastle.tls.crypto.TlsCertificate
    public short a() {
        PublicKey j = j();
        try {
            if (j instanceof RSAPublicKey) {
                m(128);
                return (short) 1;
            }
            if (j instanceof DSAPublicKey) {
                m(128);
                return (short) 2;
            }
            if (!(j instanceof ECPublicKey)) {
                throw new TlsFatalAlert((short) 43);
            }
            m(128);
            return (short) 64;
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new TlsFatalAlert((short) 43, e2);
        }
    }

    @Override // org.spongycastle.tls.crypto.TlsCertificate
    public TlsCertificate b(int i, int i2) {
        if (i2 == 7 || i2 == 9) {
            m(8);
            this.c = f();
            return this;
        }
        if (i2 == 16 || i2 == 18) {
            m(8);
            this.d = h();
            return this;
        }
        if (i != 0 || (i2 != 1 && i2 != 15)) {
            throw new TlsFatalAlert((short) 46);
        }
        m(32);
        this.e = i();
        return this;
    }

    @Override // org.spongycastle.tls.crypto.TlsCertificate
    public TlsVerifier c(short s) {
        m(128);
        if (s == 1) {
            return new JcaTlsRSAVerifier(i(), this.a.U());
        }
        if (s == 2) {
            return new JcaTlsDSAVerifier(g(), this.a.U());
        }
        if (s == 3) {
            return new JcaTlsECDSAVerifier(h(), this.a.U());
        }
        throw new TlsFatalAlert((short) 46);
    }

    @Override // org.spongycastle.tls.crypto.TlsCertificate
    public byte[] d(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        byte[] extensionValue = this.b.getExtensionValue(aSN1ObjectIdentifier.E());
        if (extensionValue == null) {
            return null;
        }
        return ((ASN1OctetString) ASN1Primitive.v(extensionValue)).B();
    }

    public DHPublicKey f() {
        try {
            return n((DHPublicKey) j());
        } catch (ClassCastException e) {
            throw new TlsFatalAlert((short) 46, e);
        }
    }

    public DSAPublicKey g() {
        try {
            return o((DSAPublicKey) j());
        } catch (ClassCastException e) {
            throw new TlsFatalAlert((short) 46, e);
        }
    }

    @Override // org.spongycastle.tls.crypto.TlsCertificate
    public byte[] getEncoded() {
        try {
            return this.b.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new TlsCryptoException("unable to encode certificate: " + e.getMessage(), e);
        }
    }

    public ECPublicKey h() {
        try {
            return p((ECPublicKey) j());
        } catch (ClassCastException e) {
            throw new TlsFatalAlert((short) 46, e);
        }
    }

    public RSAPublicKey i() {
        try {
            return q((RSAPublicKey) j());
        } catch (ClassCastException e) {
            throw new TlsFatalAlert((short) 46, e);
        }
    }

    public PublicKey j() {
        try {
            return this.b.getPublicKey();
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    public X509Certificate k() {
        return this.b;
    }

    public void m(int i) {
        KeyUsage s;
        try {
            Extensions t = TBSCertificate.u(this.b.getTBSCertificate()).t();
            if (t != null && (s = KeyUsage.s(t)) != null && (s.t()[0] & 255 & i) != i) {
                throw new TlsFatalAlert((short) 46);
            }
        } catch (CertificateEncodingException e) {
            throw new TlsCryptoException("unable to parse certificate extensions: " + e.getMessage(), e);
        }
    }

    public DHPublicKey n(DHPublicKey dHPublicKey) {
        return dHPublicKey;
    }

    public DSAPublicKey o(DSAPublicKey dSAPublicKey) {
        return dSAPublicKey;
    }

    public ECPublicKey p(ECPublicKey eCPublicKey) {
        return eCPublicKey;
    }

    public RSAPublicKey q(RSAPublicKey rSAPublicKey) {
        return rSAPublicKey;
    }
}
